CVE-2006-3216 - OpenCVE

Clearswift MAILsweeper for SMTP before 4.3.20 and MAILsweeper for Exchange before 4.3.20 allows remote attackers to cause a denial of service via (1) non-ASCII characters in a reverse DNS lookup result from a Received header, which leads to a Receiver service stop, and (2) unspecified vectors involving malformed messages, which causes "unpredictable behavior" that prevents the Security service from processing more messages.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Clearswift	Mailsweeper For Smtp Mailsweeper For Exchange

Configuration 1 [-]

OR	cpe:2.3:a:clearswift:mailsweeper_for_exchange::::::::
	cpe:2.3:a:clearswift:mailsweeper_for_smtp::::::::

References

Link	Resource
http://download.mimesweeper.com/www/TechnicalDocumentation/ReadMe_MSW_4%2C3%2C20.htm
http://secunia.com/advisories/20756	Patch Vendor Advisory
http://www.osvdb.org/26738
http://www.osvdb.org/26739
http://www.securityfocus.com/bid/18584	Patch
http://www.vupen.com/english/advisories/2006/2473
https://exchange.xforce.ibmcloud.com/vulnerabilities/27303
https://exchange.xforce.ibmcloud.com/vulnerabilities/27305

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2006-06-24T01:00:00

Updated: 2017-07-19T15:57:01

Reserved: 2006-06-23T00:00:00

Link: CVE-2006-3216

JSON object: View

NVD Information

Status : Modified

Published: 2006-06-24T01:06:00.000

Modified: 2023-11-07T01:58:58.417

Link: CVE-2006-3216

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-06-21T00:00:00", "descriptions": [{"lang": "en", "value": "Clearswift MAILsweeper for SMTP before 4.3.20 and MAILsweeper for Exchange before 4.3.20 allows remote attackers to cause a denial of service via (1) non-ASCII characters in a reverse DNS lookup result from a Received header, which leads to a Receiver service stop, and (2) unspecified vectors involving malformed messages, which causes \"unpredictable behavior\" that prevents the Security service from processing more messages."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "mailsweeper-malformed-message-dos(27305)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27305"}, {"name": "26739", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/26739"}, {"name": "mailsweeper-reverse-dns-dos(27303)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27303"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://download.mimesweeper.com/www/TechnicalDocumentation/ReadMe_MSW_4%2C3%2C20.htm"}, {"name": "18584", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/18584"}, {"name": "20756", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20756"}, {"name": "26738", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/26738"}, {"name": "ADV-2006-2473", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/2473"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3216", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Clearswift MAILsweeper for SMTP before 4.3.20 and MAILsweeper for Exchange before 4.3.20 allows remote attackers to cause a denial of service via (1) non-ASCII characters in a reverse DNS lookup result from a Received header, which leads to a Receiver service stop, and (2) unspecified vectors involving malformed messages, which causes \"unpredictable behavior\" that prevents the Security service from processing more messages."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "mailsweeper-malformed-message-dos(27305)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27305"}, {"name": "26739", "refsource": "OSVDB", "url": "http://www.osvdb.org/26739"}, {"name": "mailsweeper-reverse-dns-dos(27303)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27303"}, {"name": "http://download.mimesweeper.com/www/TechnicalDocumentation/ReadMe_MSW_4,3,20.htm", "refsource": "CONFIRM", "url": "http://download.mimesweeper.com/www/TechnicalDocumentation/ReadMe_MSW_4,3,20.htm"}, {"name": "18584", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18584"}, {"name": "20756", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20756"}, {"name": "26738", "refsource": "OSVDB", "url": "http://www.osvdb.org/26738"}, {"name": "ADV-2006-2473", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2473"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3216", "datePublished": "2006-06-24T01:00:00", "dateReserved": "2006-06-23T00:00:00", "dateUpdated": "2017-07-19T15:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:clearswift:mailsweeper_for_exchange:*:*:*:*:*:*:*:*", "matchCriteriaId": "87C646E9-A866-4747-9AE6-601199D4AC03", "versionEndIncluding": "4.3.19", "vulnerable": true}, {"criteria": "cpe:2.3:a:clearswift:mailsweeper_for_smtp:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E3CA3AA-2DA8-4BA2-8FC9-1B5B66A4B21B", "versionEndIncluding": "4.3.19", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Clearswift MAILsweeper for SMTP before 4.3.20 and MAILsweeper for Exchange before 4.3.20 allows remote attackers to cause a denial of service via (1) non-ASCII characters in a reverse DNS lookup result from a Received header, which leads to a Receiver service stop, and (2) unspecified vectors involving malformed messages, which causes \"unpredictable behavior\" that prevents the Security service from processing more messages."}, {"lang": "es", "value": "Clearswift MAILsweeper para SMTP anterior a v4.3.20 y MAILsweeper para Exchange anterior a v4.3.20 permite a atacantes remotos provocar una denegaci\u00f3n de servicio a trav\u00e9s de (1) caracteres \"no-ASCII\" en un resultado de b\u00fasqueda de DNS inversa desde una cabecera Received, que lleva a una parada del servicio Receiver, y (2) vectores sin especificar que tienen que ver con mensajes mal formados que provocan un \"comportamiento impredecible\" que impide al servicio Security procesar m\u00e1s mensajes"}], "evaluatorSolution": "This vulnerability is addressed in the following product releases:\r\nClearswift, MAILsweeper for SMTP, 4.3.20 \r\nClearswift, MAILsweeper for Exchange, 4.3.20", "id": "CVE-2006-3216", "lastModified": "2023-11-07T01:58:58.417", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-06-24T01:06:00.000", "references": [{"source": "cve@mitre.org", "url": "http://download.mimesweeper.com/www/TechnicalDocumentation/ReadMe_MSW_4%2C3%2C20.htm"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/20756"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/26738"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/26739"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/18584"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/2473"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27303"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27305"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}